Class: Cuba::Safe::CSRF::Helper

Inherits:
Object
  • Object
show all
Defined in:
lib/cuba/safe/csrf.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(req) ⇒ Helper

Returns a new instance of Helper.


11
12
13
# File 'lib/cuba/safe/csrf.rb', line 11

def initialize(req)
  @req = req
end

Instance Attribute Details

#reqObject (readonly)

Returns the value of attribute req


9
10
11
# File 'lib/cuba/safe/csrf.rb', line 9

def req
  @req
end

Instance Method Details

#form_tagObject


33
34
35
# File 'lib/cuba/safe/csrf.rb', line 33

def form_tag
  return %Q(<input type="hidden" name="csrf_token" value="#{ token }">)
end

#meta_tagObject


37
38
39
# File 'lib/cuba/safe/csrf.rb', line 37

def meta_tag
  return %Q(<meta name="csrf_token" content="#{ token }">)
end

#reset!Object


19
20
21
# File 'lib/cuba/safe/csrf.rb', line 19

def reset!
  session.delete(:csrf_token)
end

#safe?Boolean

Returns:

  • (Boolean)

23
24
25
26
27
# File 'lib/cuba/safe/csrf.rb', line 23

def safe?
  return req.get? || req.head? ||
    req[:csrf_token] == token ||
    req.env["HTTP_X_CSRF_TOKEN"] == token
end

#sessionObject


41
42
43
# File 'lib/cuba/safe/csrf.rb', line 41

def session
  return req.env["rack.session"]
end

#tokenObject


15
16
17
# File 'lib/cuba/safe/csrf.rb', line 15

def token
  session[:csrf_token] ||= SecureRandom.base64(32)
end

#unsafe?Boolean

Returns:

  • (Boolean)

29
30
31
# File 'lib/cuba/safe/csrf.rb', line 29

def unsafe?
  return !safe?
end